For DHCP relay support, and possibly other features, there is a need to
add specific allow rules to the router firewall between the FWaas v1/v2
rules, and the default drop rule.
This patch set the structure to do that, without actually adding new rules.
In case of FWaaS v2 the additional rules are per router interface.
Change-Id: I63d754495f56ec9081d84dcea6fb688ee1c41dbd
In case the NSX-V3 does not support router-firewall, but the service plugin
is enabled, a warning will be logged at init, and all firewall actions
will issue a driver error (meaning the firewall will be in ERROR state)
Change-Id: Ia4adc4d6433d16e0de7d7ad0439017acbe836d96
Adding FW rules to protect the traffic north-south behind a T1 router.
This will be done only if a firewall was attached to the router.
This includes:
- FWaaS rules
- Drop all default rule
When the firewall is deleted or the router removed from it,
a default allow all rule will be set.
For the rotuer firewall to work, the rotuer NAT rules should set
nat-bypass=False.
Change-Id: Iba03db8ca67ee10d1c54b96fb41a888cb549684d